The open specifications are designed to be extensible and accommodate future innovation, as well as protect existing investments in authentication technologies.

Fido specifications allow device-specific authentication capabilities to be used by online services within an interoperable infrastructure, giving service providers and users a choice of authentication methods.

The improved user authentication enabled by Fido specifications can also be federated using existing industry standards such as OpenID and SAML.

In the year since its launch, the Fido Alliance has grown from six founding members to almost 100, including Google, Mastercard, Microsoft, Nok Nok Labs, PayPal, RSA, Lenovo and Dell.

"With the public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises," said Michael Barrett, president of the Fido Alliance and CISO at PayPal.

"Furthermore, we encourage relying parties to begin testing their unique Fido authentication needs with the commercial solutions already available from many Fido member companies," he said.

"There is a real interest in an industry in which it has always been difficult to get anyone to agree on anything," said Phil Dunkelberger, CEO of Nok Nok Labs and a founding member of the Fido Alliance.

The publication of the draft technical specification for public comment demonstrates real progress, with version 1.0 expected to be finalised by the second half of 2014, he told Computer Weekly.

Dunkelberger believes that publication of the draft specification will help build momentum in adoption of the protocol, and that enterprises will soon begin using Fido-enabled means of authentication.

There is a real interest in an industry in which it has always been difficult to get anyone to agree on anything

"Many enterprise laptops are equipped with fingerprint readers, and I expect to see companies starting to turn these on and use them within the next three months," he said.

This approach solves a big problem by enabling authentication at scale in user-friendly ways that use whatever is available on devices such as cameras, TPMs and fingerprint readers, said Dunkelberger.

"It is more secure and easier to use, which means it could be a game changer, with initial adoption this year, but with the real trajectory becoming apparent in 2015," he said.

Dunkelberger expects Fido-enabled authentication to have steep adoption curve similar to that of Wi-Fi. "Nothing else enables risk-based decisions on the fly," he said.

Now that the draft specification has been published, he predicts that within 18 months there will be between 200 and 400 million devices available with the Fido software client.

Fido Alliance members are already developing Fido Ready products and services based on early draft specifications. These include AGNITiO, Go-Trust, Nok Nok Labs, NXP Semiconductors, and Yubico.

In October 2013, The Fido Alliance began a certification program with Fido Ready branding for implementations passing conformance and interoperability testing to early draft specifications.

1 comment

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

I welcome tokens and smart cards but I'm concerned about biometric authentication. People grow old, people change, and biometric data can be stolen and replicated. It's still easy to change a password; changing fingerprints - not so much.